A moderate-severity vulnerability in VMware Tools could allow attackers with limited privileges to manipulate files and trigger insecure operations within virtual machines.
The vulnerability, tracked as CVE-2025-22247, affects both Windows and Linux versions of VMware Tools 11.x.x and 12.x.x, with macOS versions confirmed to be unaffected.
Since there are currently no workarounds and exploitation might compromise the integrity of impacted virtual machines, prompt patching is highly advised.
According to the Broadcom advisory, the insecure file handling vulnerability allows “a malicious actor with non-administrative privileges on a guest VM to tamper the local files to trigger insecure file operations within that VM”.
The vulnerability has received a CVSSv3 base score of 6.1, placing it in the moderate severity range. Security researcher Sergey Bliznyuk of Positive Technologies has been credited with discovering and reporting the vulnerability to VMware.
This latest security issue follows several other VMware vulnerabilities addressed earlier this year, including a critical TOCTOU vulnerability (CVE-2025-22224) affecting VMware ESXi and Workstation that could lead to an out-of-bounds write and potential code execution.
This type of vulnerability is particularly concerning in virtualized environments where multiple tenants share physical infrastructure.
Even though the impact is contained within the guest VM, it could be used as part of a larger attack chain or for privilege escalation within the virtual machine.